Restrict Case List with OU

Former Member · ‎2007 Jun 18

Hi All,

I have a problem to restrict access the case list with OU of the user.(in NV2000).

There aren't an authorization object associate the case with the OU. I find only the authorization object N_NBEW_ACT but it's for the movements of case.

The solution that I want is in the case overview : case list in the navigation.

You go to : Edit → Filter → Restrict OU. But I want a solution which must not give an access to the data of an another OU for the users .

Thanks for your help.

Kazzout Khalid

Security Consultant

Former Member · ‎2007 Jun 18

Hi All,

As far as I know, there is not any link between case and OU, OU relation exists only at movement level (Admittance, Discharge, ...) so that N_NBEW_ACT is the object to use.

Any data stored at Patient or Case level (not movement) will be accesible unless you implement any workaround using BAPI's at NV2001, hard to set up and needs programming.

Regards,

Former Member · ‎2007 Jun 18

Hi Khalid,

there is a userparameter NFO to restrict the caselist. The documentations says:

<b>NFO: Restriction of Case List to OU </b>

<i>Use

The user parameter NFO allows you to restrict the display of the case list to cases that have at least one movement in a particular organizational unit (OU).

Integration

You can remove this restriction in the display of the case list or restrict the display to other OUs.

Activities

You maintain the value of the parameter as follows:

Values of the User Parameter NFO

Parameters / Value / Meaning

NFO / Identification key of the OU / If at least one case exists for which at least one movement is assigned to the OU specified here, the case list only displays the cases that were assigned to the OU. If no case exists for which at least one movement is assigned on the OU specified here, the case list displays all of the patient's cases irrespective of the OU.

NFO / " "/parameter not maintained / The case list displays all of the patient's cases.

</i>

I hope it is of any help.

Kind regards,

Martin

Former Member · ‎2007 Jun 19

Hi Martin,

Thanks, but I have ever use this parameter NFO and I useall the user parameter which have a relationship with OU. I give the key of OU and it's not work.

I use the transaction NV2000 and NP10 but the restriction with OU don't work.

I try to use a field exit with a specific authorization object.

Best Regards

Kazzout Khalid

Claudius · ‎2007 Jun 25

SAP Patient Management offers different means to restrict or filter the items of the case list depending on your business needs:

1.) Restricting Case List Display by OE

In case the result list is too long for a user this function might be helpful. Please see <a href="http://help.sap.com/saphelp_erp2005vp/helpdata/en/08/ac716cd46711d189f20000e829fbbd/frameset.htm">the documentation</a>

2.) User parameter NFO

For users interested only in cases with movements on "their" OE, user parameter NFO might be useful. However it is not suitable for security requirements, please refer to <a href="http://help.sap.com/saphelp_erp2005vp/helpdata/en/3c/8fa411d50911d189f20000e829fbbd/frameset.htm">documentation of user parameter NFO</a>

3.) Data security indicator for OU

In case you want to protect some organizational units, you can set the Data Protection indicator - look for "Data protection" in the respective <a href="http://help.sap.com/saphelp_erp2005vp/helpdata/en/39/0b7394df3011d189fc0000e829fbbd/frameset.htm">documentation</a>. The corresponding authority object N_NORG_SPE will be evaluated. Please note this authorization object is also used by i.s.h.med <a href="http://help.sap.com/saphelp_erp2005vp/helpdata/en/f7/ebb3e8051411d2a975006094b91c8b/frameset.htm">(IS-H Authorization Objects in i.s.h.med)</a>

I assume that 3.) is the solution for your problem. BTW there is a bit information on general security aspects in the <a href="http://help.sap.com/saphelp_erp2005vp/helpdata/en/bd/d6a142b1e8c911e10000000a1550b0/frameset.htm">Healthcare Security Guide</a>

Best regards

Claudius Metze

Former Member · ‎2007 Jun 26

Hi Claudius,

Thanks for your answer.

I apply the third solution but it doesn't work.

In the transaction NB20, on the other data, I activate the data protection for each OU, and I specify on the authorization object N_NORG_SPE, the key of OU.

The problem is that this authorization object controls only movements of the case for each OU.

I see this information in PFCG.

I activate the trace system for authorization, and I have a RC=4 for N_NORG_SPE, that means the program controls only the movements and not the number of case.

Furthermore, the fields in this authorization object N_FALL_FNR means that the number of the case are maintaining in the institution (level higher than OU).

I think that the solution can come from the user parameter NFO but I don't understand why it doesn't work. (because only this parameter associate the number case's list with OU).

Kazzout Khalid

Best Regards

Former Member · ‎2007 Jun 27

Hi Claudius,

I know where are the problem but I am not sure.

In the transaction SFW5 (for the exensions of SAP ecc), only ISH_AMBULATORYand ISH_MAIN are activating for the project.

ISH_MEDMAIN is not activate in the system, that's why, the authorization object N_NORG_SPE is not activate in the system.

I know that the message N1 : 625 (for the data protection of UO) don't find in the programs.

I know if it's necessary to activate ISH_MEDMAIN to resolve the problem of case list.

Best Regards

Khalid Kazzout

Claudius · ‎2007 Jun 28

Hi Khalid,

I think you should issue a message via the SAP Support Portal to have this resolved. Then colleagues can have a look at your system to find out why is does not work as intended.

Regards

Claudius